New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restart container runtimes when certificates store changes #2076
Restart container runtimes when certificates store changes #2076
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎧
sources/models/src/aws-k8s-1.19/defaults.d/53-containerd-pki.toml
Outdated
Show resolved
Hide resolved
It'd be worth rebasing this to exercise more of the functionality after the |
338cc9a
to
7941eda
Compare
(Rebase to pull down migrations directory for next release) |
7941eda
to
2d56326
Compare
(Rebase to pull down latest changes in |
2d56326
to
2512f09
Compare
Forced push includes migration and configuration files for newly added variants |
2512f09
to
6a6ddf3
Compare
(Rebased to pull down fixes in aws-ecs-1-nvidia) |
6a6ddf3
to
ed7a551
Compare
(Fix since I was using |
|
||
fn main() { | ||
let variant = Variant::from_env().unwrap(); | ||
variant.emit_cfgs(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
/// We updated the 'affected-services' list metadata for 'settings.network.hostname' to include the | ||
/// hosts "service" on upgrade, and to remove it on downgrade. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This comment is not accurate.
ed7a551
to
ae88e38
Compare
(Forced push to fix comment in migration) |
…hanges The containerd and docker daemons cache the certificates store, so any updates to the store will be ignored by the daemons. With this, the daemons will be restarted whenever the certificates store is updated. Signed-off-by: Arnaldo Garcia Rincon <agarrcia@amazon.com>
ae88e38
to
4ac5ae7
Compare
(Forced push to fix merge conflicts with |
Issue number:
Fixes #2021
Description of changes:
Testing done:
In aws-ecs-1, aws-k8s-1.21:
ECS:
k8s:
I deployed a pod that used an image in my local registry, since k8s variants don't have docker. After I updated the certificates store (like in the ECS test), the image was successfully pulled:
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.